Quite likely, the single most significant data security educational series of blog posts this year - via the Imperva Cyber Security Blog,written by Elad Erez and Luda Lazar - now in Part 3 of the series (Part 1 and Part 2 are highly recommended as well). Rather than put my spin on what Elad and Luda have presented on the Imperva blog, I'll let their brilliant speak tell the tale! Today's highly important Must Reads.

Where does all of that data gathered by car manfacturers while we drive? Perhaps Jonathan M. Gitlin, reporting for everyone's beloved Ars Technica can fulfill that data request in a speedy manner! Shouldn't the driver/owner of the vehicle make that decision? Enjoy.

...and now - just when you thought it was safe to turn out the lights on your datacenter, and let all that Data That Is Big percolate up through your Enterprise, comes news of more vectored ransomware attacks targeting Hadoop and CouchDB instances. Today's Must Read, indeed.

My suggestion is to, um - perhaps...not expose your database layer to external contact... Perhaps a DENY ALL to rule for your MongoDB deployment in your firewall would be helpful as well... just saying. Oh, and very good advice from Lucian at the end of his reportage: Use the MongoDB security checklist. It is - I can assure you - prietenul tău!. I also strongly suggest taking the time to read the Security Hardening documentionfromMongoDB; you can also download an EPUB version of the MongoDB manual. You'll be glad you did. That is all.

DarkMatters takes us down the slippery-slope of poorly configured Databases, and Database Management Systems. Threats abound, yet little is accomplished to remdiate (until after data loss). Today's Must Read.

'As of this writing, there are more than 27,000 instances of MongoDB and approximately 29,000 instances of Redis on the internet that do not have authorization enabled. Misconfigured databases are just as dangerous as vulnerabilities—they provide the bad guys an easy-access, exploitable front door to user data.' viaDarkMatters

You should know Graham Cluley, specifically because of his outstanding information security reporting; as evidenced, if you will, by his latest screed targeting the so-called Iron Tiger targeted attacks. Noted as today's Must Read.

Meanwhile, in Blatant Stupidity news, ArsTechnica'sDan Goodinwrites of the latest Uber mistep. This time, Uber decided to store an encrypted database's PRIVATE KEY (anecdotally, the DB contained sensitive data for at least fifty thousand of the company's drivers) on a GitHub public page. Apparently, there may have been a wee bit of confusion as to what a PRIVATE KEYis, in relation to a PUBLIC KEY within Uber's apaprently crack IT department... Oops.